Vent Quickstart Guide
Getting Vent set up is quick and easy.
1. First, use pip to install the latest stable version of Vent:
Using pip:

    pip3 install vent && vent

Developer versions of Vent are available but may not be entirely stable.
Using Docker:

    docker pull cyberreboot/vent
    docker run -it vent_image_id

In order to avoid having to use sudo or run docker as root, adding your current user to the docker group is the recommended way to work.
Using Git:

    git clone https://github.com/CyberReboot/vent
    cd vent && make && vent

2. Now that Vent has started, let’s add, build, and start the core tools.
- In the main menu, press ^X to open the action menu.
- Select Core Tools or press c.
- Select Add all latest core tools or press i. Vent will now clone the core tools’ directories from CyberReboot/vent.
- Select Build core tools from the core tools sub-menu and use the arrow keys and the Enter key to press OK. It’s possible to choose which core tools are built using the Space key. Boxes with an X in them have been selected. Note that building the core tools takes a few minutes. Please be patient while Vent creates the images.
- Once the tool images are built, go back to the core tools sub-menu from the main action menu, select Start core tools, and hit OK. Much like Build core tools, it’s possible to select which core tools are started.
3. The core tools’ containers are up and running. Next, let’s add some plugins.
- From the action menu, select Plugins or press p.
- Select Add new plugin or press a.
- For this quick start guide, we will use one of the example plugins provided by CyberReboot/vent-plugins, so just hit OK on the form.
- Press the Space key to choose the master branch and hit OK.
- Uncheck all the boxes except for /tcpdump_hex_parser and hit OK. Add times vary by plugin, so a long add time is not unusual.
4. Now we have a plugin that can process files with the extension .pcap.
- Now, at the Vent main menu, look for the field File Drop. This is the folder that Vent watches for new files.
- Move or copy a .pcap file into the path. Vent will recognize this new file and start tcpdump_hex_parser. Depending on the size of the .pcap file, it could take anywhere from a few seconds to minutes. You should see the jobs running counter increase by one and, after the plugin is finished running, the completed jobs counter will increase by one.
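
If no capture is at hand for the first test, the following added example (not part of the Vent documentation or code base) builds a one-packet .pcap from constructed data and writes it into the directory shown in the File Drop field. The script name, the output file name, and the MAC addresses, IP addresses and ports inside the packet are assumptions chosen for illustration.

```python
import os
import struct
import sys
import time


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(payload: bytes = b"vent quickstart test") -> bytes:
    """Ethernet + IPv4 + UDP frame; every address and port is constructed."""
    udp = struct.pack("!HHHH", 40000, 9, 8 + len(payload), 0) + payload  # UDP checksum 0 = not used
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # TEST-NET-1 documentation range
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in header checksum
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"  # dst, src, IPv4
    return eth + ip + udp


def build_pcap(frames, ts=None) -> bytes:
    """Classic little-endian pcap: 24-byte global header, then a 16-byte header per record."""
    ts = int(time.time()) if ts is None else ts
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # version 2.4, linktype 1 = Ethernet
    for frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def drop_pcap(drop_dir: str, name: str = "quickstart_test.pcap") -> str:
    """Write the constructed capture into the directory shown in Vent's File Drop field."""
    path = os.path.join(drop_dir, name)
    with open(path, "wb") as fh:
        fh.write(build_pcap([build_frame()]))
    return path


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: make_test_pcap.py <file-drop-directory>")
    print(drop_pcap(sys.argv[1]))
```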
5. Let’s look at the results of the plugin using Elasticsearch.
- From the action menu, select Services Running and select Core Services.
- Copy the address next to elasticsearch into your web browser of choice.
- On the main page, there should be a pcap section with the results of the plugin.
Congrats! Vent is set up and has successfully recognized the pcap file and run a plugin that specifically deals with pcaps. You can now remove tcpdump_hex_parser via the Plugins sub-menu and create and install your own Custom Vent Plugins.